calcom
[CAL-173] Booking success query refactor
Basically, right now a booking success url looks like this:
https://cal.dev/success?date=2022-06-30T02%3A00%3A00-06%3A00&type=3&eventSlug=30min&user=pro&reschedule=false&name=zomars&email=zomars%40cal.com&location=&eventName=&bookingId=14&isSuccessBookingPage=true
Since this a server side rendered page, we need to accomplish two things:
- Simplify the URL to only need the bookings UID as a parameter
https://cal.dev/success?uid={bookingUID}- This will prevent security leaks like previously since you need to know the UID before hand
- From UID we should be able to query all needed booking data
- we should try to migrate this page from SSR to SSG by having a a pre-rendered empty Skeleton and fetches data on client only, this will allow us to get the benefits of SSR but with extra performance benefits. Also we can have more control on when do want to return the booking data and when not. (Maybe we don’t want to render success pages from certain passed time or the booking got rescheduled)
From Linear-GitHub Sync
Hi Everyone! @zomars @PeerRich @CarinaWolli
I'm a friend of @JeroenReumkens and he introduced me to your awesome platform! So I wanted to help you guys a bit out!
I think I have a solution for part of this issue. I have rewritten the code to work with an UID of a booking in the query. So I haven't migrated it from SSR to SSG. This should resolve the security issues with this page. As I was able to see bookings without being logged in to the system, with this change it is only possible if you know the UID. I can see the same issue on the cancel success, but I see already a mention of this in [CAL-184]!
I'm now in the stage of finalising the code (doing tests etc.), I hope to have a PR out at the end of the day. But I would like to have some extra eyes on testing as there are changes in the payment part!
